I believe on the open source config I posted, it was a "signed" certificate. But you can get them for free here.
http://www.startssl.com/ On Mon, Feb 18, 2013 at 8:04 PM, Kevin King <ke...@precisonline.com> wrote: > John (Thompson)... This IHS Apache is definitely a cracked Apache with some > odd configuration SSL setup in particular is completely different. > > John (Hester), I can see the cert in the key file (through the gsk7cmd > command) but with the name api.client.com it cannot be found. I even > recreated the cert as "api" (without dots) because I found a page that said > that the dots could be causing problems, but still no love. It seems I've > done everything correctly but still it just can't find a combination that > works. I'm wondering if the problem here is the fact that it's a > self-signed cert without a chain? Are you using a self-signed cert here? > Do you have other certs in your key file that may represent a chain for > the self-signed cert? > > Thank you gentlemen for the insight. Most appreciated. > > -K > > On Mon, Feb 18, 2013 at 3:09 PM, John Hester <jhes...@momtex.com> wrote: > > > It sounds like you've done all you need to for basic IHS SSL > > functionality. As long as api.client.com matches the name you gave the > > certificate via ikeyman, and you have the KeyFile directive, you should > > be OK. There are a lot of other options you can add for optimization > > and browser compatibility, but I don't think leaving any of those out > > would break it outright. Here's my working IHS config from the > > development server on my Windows workstation for comparison: > > > > <VirtualHost *:443> > > SSLEnable > > SSLProtocolDisable SSLv2 > > SSLServerCert is12.momtex.com > > <Directory "c:/IBM/HTTPServer/htdocs/html"> > > Options +Includes > > AddType text/html .shtml > > AddOutputFilter INCLUDES .shtml > > </Directory> > > </VirtualHost> > > KeyFile "C:/IBM/HTTPServer/key.kdb" > > SSLDisable > > > > -John > > > > -----Original Message----- > > From: u2-users-boun...@listserver.u2ug.org > > [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Kevin King > > Sent: Saturday, February 16, 2013 4:02 PM > > To: U2 Users List > > Subject: [U2] AIX 5.3 IBMIHS Web Server > > > > Might anyone have any tips or tricks for getting SSL to work on the > > IBMIHS/Apache 2.0.47 web server on an AIX 5.3 box? The documentation > > I've found on the web is byzantine at best and it would be fine if the > > commands actually worked, but I keep getting odd error messages and > > stalled at every turn. > > > > I've upgrade the GSK so that the server will start with SSL enabled, I > > have a virtual host configured, but I have no clue how to tie a specific > > certificate to the VirtualHost. Well, let's say I have clues, but > > nothing is working. Here's the <VirtualHost> stanza I have set up in > > httpd.conf: > > > > <VirtualHost *:443> > > SSLEnable > > SSLClientAuth None > > SSLServerCert api.client.com > > ServerName api.client.com > > DocumentRoot /usr/www > > <Directory "/usr/www"> > > Order Allow,Deny > > Allow From All > > </Directory> > > ErrorLog logs/api_error.log > > CustomLog logs/api_error.log common </VirtualHost> > > > > I've been able to generate a CSR and create a self-signed certificate, > > and it would appear that I've even successfully imported that > > certificate into my key database, as demonstrated by this command: > > > > $ gsk7cmd -cert -details -db /usr/IBMIHS/ssl/client.kdb -label " > > api.client.com" -pw "password" > > > > ...which produces the following output... > > > > Label: api.client.com > > Key Size: 512 > > Version: X509 V1 > > Serial Number: 00 DB 00 41 9A 19 77 7E 9F Issued By: api.client.com > > CLIENT City, ST, US > > Subject: api.client.com > > CLIENT > > City, ST, US > > Valid From: Saturday, February 16, 2013 6:06:08 PM EST To: Saturday, > > April 17, 2032 7:06:08 PM EDT > > Fingerprint: ... > > Signature Algorithm: 1.2.840.113549.1.1.5 Trust Status: enabled > > > > But even though this certificate is in the keyfile (and yes, I have a > > KeyFile directive elsewhere in the httpd.conf file pointing to the > > client.kdb file) I can't seem to associate it to the virtual host. What > > am I missing? > > > > (And yes, I'm aware this is not specifically a U2 question but I need > > this to provide web connectivity to a Unidata machine from a Rackspace > > hosted server. So in a way... it sorta is U2 related.) > > > > Help? > > _______________________________________________ > > U2-Users mailing list > > U2-Users@listserver.u2ug.org > > http://listserver.u2ug.org/mailman/listinfo/u2-users > > _______________________________________________ > > U2-Users mailing list > > U2-Users@listserver.u2ug.org > > http://listserver.u2ug.org/mailman/listinfo/u2-users > > > _______________________________________________ > U2-Users mailing list > U2-Users@listserver.u2ug.org > http://listserver.u2ug.org/mailman/listinfo/u2-users > -- John Thompson _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users